Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-053.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user or cause a denial of service condition. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-053

Insight

The flaw is due to an error within Remote Desktop Services when accessing an object in memory after it has been deleted. This can be exploited by sending a sequence of specially crafted RDP packets to the target system.

Affected

Microsoft Windows XP x32 Edition Service Pack 3 and prior

References

http://secunia.com/advisories/50244/
http://support.microsoft.com/kb/2723135
http://technet.microsoft.com/en-us/security/bulletin/ms12-053
http://www.securelist.com/en/advisories/50244

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2526

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
Cumulative Security Update for Internet Explorer (958215)
Cumulative Security Update for Internet Explorer (956390)

Take action and discover your vulnerabilities